Hi,

my name is Dominik, I’m 40 years old and from Germany. I’ve been hunting for and taking apart interesting malware for nearly 20 years.

It all started when I stumbled upon a trojan called Netbus in the late ’90s. It was exciting to see what you can do with such a tool, even though I had no idea how it worked under the hood. Nevertheless, I had reached the point of no return to learn more about the wonderful world of abusing APIs, interfaces or software/hardware for malicious purposes aka malware development.

While roaming various malware and rootkit related forums for a few years, I discovered the fascinating topic of reverse engineering around the same time. I was struck by the fact that you could rebuild software from its disassembled code and understand how it works.

Later, around 2009 when I got infected with the famous TDL rootkit, I became hooked on finding out how this could happen and what the malware does. At that time, I found the Sysinternals forums that had many like-minded people who were much more skilled than I was. It was a great opportunity to learn more about malware analysis and connect with other people.

After the Sysinternals forums fell apart due to spam and inactivity by its admins, a few people and I created the Kernelmode.info forum (discontinued). It lasted for nearly 10 years with tons of great contributions from many different individuals, before we closed it in 2019. During those years, I also worked for ESET for a short period of time as a malware article writer.

In late 2016, I applied for and was hired as a malware researcher at Palo Alto Networks. It was a great opportunity to work in a professional environment and learn from other, more skilled people about malware research, detection and software development before I quit in 2025.


This website was created with the help of Jekyll, whiteglass (modified) and A Magic Rpg Enemy.